Cloud
Tuesday, July 14, 2020
I’m going to continue my recent look at securing your Office 365/Azure AD directory with a quick dive into using Conditional Access rules to protect your directory’s most prized asset - accounts with admin roles.
These are roles that can be used to accomplish admin tasks within your organisation’s Office 365/Azure AD and Azure estate, and they are important because they are essentially the keys to the kingdom. You should be looking to secure all your accounts, because all your users probably have access to sensitive information, systems or services, but admin accounts are the accounts that give their user access to your entire estate in one or two leaps.
Continue reading →
Sunday, July 5, 2020
As the pace of attacks against companies who use online services continues, major IAM providers such as Microsoft and Okta are looking for ways to improve their security game and yours.
I was fortunate enough to attend the 2019 Okta forum in London and one of the drums Okta beat throughout the entire presentation was Passwordless Authentication. Microsoft are also recommending this as a major improvement to Office 365/Azure security even on top of MFA.
Continue reading →
Friday, July 3, 2020
I suspect most of you reading this article will already know this, but part of Microsoft’s Azure AD (AAD) / Office 365 Cloud directory service that you get when you pay for premium AAD is Conditional Access (CA), which can be used to allow quite sophisticated access controls for accessing Office 365 resources.
Of course, you get basic Office 365 MFA with the basic Office 365 enterprise product, and you should absolutely look into enrolling your users and turning this on straight away if that is what you have.
Continue reading →
Saturday, May 11, 2019
Introduction
When talking about how Intune works with a colleague, I likened assembling a working Intune configuration to protect corporate devices and data to working with small pieces of Lego to build a house. The reason for this comparison is that a managed Intune environment is built up of lots of different components that can all be slotted together - or left out - to build the environment you want.
Continue reading →
Saturday, March 30, 2019
Introduction to Microsoft Mobile Device Management
I'm currently settling in to a new job where I'm spending a fair amount of time working with Microsoft's Mobile security management tools, mostly Microsoft Intune. This is largely what I was doing towards the end of my old job too, and while there are some great people writing great material out there, I think there's a lack of articles that try to start at the beginning with current (as of April 2019) tools and pull all the strands together, so that's what we're going to talk about here.
Continue reading →
Sunday, August 26, 2018
Introduction
So I think a lot of us take backups for granted. It's one of those things you look at once and then tend to not worry about too much. As long as it's working, why worry? Except… if you don’t look at it, how do you know how well it's working? I’m talking from the viewpoint of a senior engineer or manager here of course; hopefully if you’re a junior engineer who has been put in charge of backups you’re making sure that the current system works well and telling people about any concerns you might have.
Continue reading →
Thursday, August 23, 2018
Introduction
One of the new features in Windows 10 1803 is the ability for "local Active Directory" Domain joined workstations to allow users to reset their password from the login screen. This was introduced for Azure Active Directory joined systems in Windows 10 1709. In this post I’m quickly going to run through what you need to do in order to configure this for your domain. I’m making the following assumptions:
Continue reading →
Wednesday, March 14, 2018
Finally. Finishing up after Part 1 and Part 2, this is the end of my updated thoughts on an old Server Fault post with some final thoughts on reducing risks in the future.
Reducing the risk in the future. The first thing you need to understand is that security is a process that you have to apply throughout the entire life-cycle of designing, deploying and maintaining an Internet-facing system, not something you can slap a few layers over your code afterwards like cheap paint.
Continue reading →
Wednesday, March 14, 2018
Following on from Part 1 of my revision of an old Server Fault post, we will continue on to look at remediation after an intrusion.
(Part 3 available here)
Understand the problem fully: Do NOT put the affected systems back online until this stage is fully complete, unless you want to be the person whose post was the tipping point for me actually deciding to write this article. I'm not going to link to that post so that people can get a cheap laugh, but the real tragedy is when people fail to learn from their mistakes.
Continue reading →
Wednesday, March 14, 2018
Introduction
In this series of posts I’m revisiting an answer to a question that appeared on Server Fault way back in 2011. I’m pleased to say that it’s been viewed over 100,000 times, and I like to think it’s helped a few of them.
But it’s time to look again. Since I wrote that post, there have been some huge intrusions, such as the well-known Ashley Madison, Anthem Medical Data and JP Morgan breaches that affected millions of people.
Continue reading →
Tuesday, August 8, 2017
One of the things I’m working on at the moment is moving the remainder of our Exchange organisation over to Office 365 / Exchange Online.
We moved the bulk of our accounts some time ago; students here have been on Office 365 Exchange email for a few years, but staff and ‘role’ email accounts have been held on local Exchange servers until this month.
The things I’ve seen people worry about on these migrations have actually been the least of my worries.
Continue reading →
Wednesday, February 15, 2017
At work I tend to turn up to meetings with a MacBook Pro. This surprises a few people who know me as a former Microsoft MVP, a Windows Server/Infrastructure person and the manager of an IT system that is predominantly Windows-based.
The MacBook Pro isn’t ideal; it’s a 15" 2010 model and it is starting to be a problem. Even with an SSD installed, it’s starting to get slow and cranky when it comes to waking up.
Continue reading →
Sunday, October 2, 2016
{There was a section here on converting Windows 2016 server eval to full version for enterprise customers, but as Windows 2016 is properly out there now it seems pointless. I've pasted what was here into the comments below in case anyone needs it}
Upgrading ADFS
The first question after deciding to roll out a new version of Windows server into your organisation is what to deploy first, and the answer for me, at least, turned out to be ADFS 4.
Continue reading →
Wednesday, November 12, 2014
Just lately Microsoft seem to be determined to mix up brand names to confuse customers.
For a while now we’ve had OneDrive for Business, the product that totally has nothing to do with OneDrive. OneDrive is your typical cloud file sync platform… and actually one I like enough to make my primary cloud storage of choice. OneDrive for Business is the name Microsoft have decided to give to uploading documents to a personal document library in SharePoint, in particular SharePoint Online/Office365.
Continue reading →
Thursday, May 16, 2013
So we’re a Mimecast customer and today they had a few problems with their email services in the UK going offline for a large part of the working day. No big deal as such, other than that they make big claims for their own availability and have been quite ready to point out the failings of others in the past - and the responsible people at those others are probably reacting to today’s events by pouring champagne down their throats as fast as they can get the bottles open… well maybe not at Google.
Continue reading →